mustflow 2.108.0 → 2.108.3
- package/README.md +3 -0
- package/dist/cli/commands/api/serve.js +73 -10
- package/dist/cli/commands/script-pack.js +3 -0
- package/dist/cli/i18n/en.js +37 -0
- package/dist/cli/i18n/es.js +37 -0
- package/dist/cli/i18n/fr.js +37 -0
- package/dist/cli/i18n/hi.js +37 -0
- package/dist/cli/i18n/ko.js +37 -0
- package/dist/cli/i18n/zh.js +37 -0
- package/dist/cli/lib/command-registry.js +3 -0
- package/dist/cli/lib/script-pack-registry.js +84 -0
- package/dist/cli/script-packs/repo-automation-surface.js +88 -0
- package/dist/cli/script-packs/repo-dependency-surface.js +87 -0
- package/dist/cli/script-packs/repo-toolchain-provenance.js +90 -0
- package/dist/core/public-json-contracts.js +27 -0
- package/dist/core/repo-automation-surface.js +376 -0
- package/dist/core/repo-dependency-surface.js +282 -0
- package/dist/core/repo-toolchain-provenance.js +421 -0
- package/dist/core/run-receipt-state.js +23 -2
- package/dist/core/script-pack-suggestions.js +33 -1
- package/dist/core/secret-redaction.js +6 -1
- package/package.json +1 -1
- package/schemas/README.md +10 -0
- package/schemas/api-serve-response.schema.json +1 -0
- package/schemas/repo-automation-surface-report.schema.json +148 -0
- package/schemas/repo-dependency-surface-report.schema.json +121 -0
- package/schemas/repo-toolchain-provenance-report.schema.json +124 -0
- package/templates/default/i18n.toml +9 -9
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +17 -14
- package/templates/default/locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md +39 -11
- package/templates/default/locales/en/.mustflow/skills/cloud-cost-guardrail-review/SKILL.md +4 -1
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +56 -17
- package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +86 -27
- package/templates/default/locales/en/.mustflow/skills/routes.toml +4 -4
- package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +51 -32
- package/templates/default/locales/en/.mustflow/skills/tauri-code-change/SKILL.md +41 -3
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +47 -29
- package/templates/default/locales/en/.mustflow/skills/wails-code-change/SKILL.md +34 -4
- package/templates/default/manifest.toml +1 -1
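--- a/package/README.md
+++ b/package/README.md
@@ -309,6 +309,9 @@ mf run mustflow_update_apply
 | `mf script-pack run code/export-diff compare --base HEAD --json` | Compare exported TypeScript or JavaScript declarations, return metadata, and package surface hints against a git base. |
 | `mf script-pack run docs/reference-drift check [path...] --json` | Check documentation references to `mf` commands, script-pack refs, schema files, and repository paths against current local surfaces. |
 | `mf script-pack run repo/config-chain inspect <path...> --json` | Inspect nearby package, TypeScript, ESLint, Vite, Tailwind, test, and mustflow config files plus static inheritance edges without executing dynamic config code. |
+| `mf script-pack run repo/toolchain-provenance inspect --json` | Inspect repository-visible runtime, package-manager, lockfile, Docker, and CI toolchain provenance without running those tools. |
+| `mf script-pack run repo/automation-surface inspect --json` | Inventory package scripts, task runners, CI workflows, and mustflow command-intent coverage before adopting automation advice. |
+| `mf script-pack run repo/dependency-surface inspect --json` | Inspect dependency manifests, lockfiles, update automation, and policy surfaces without installing or updating packages. |
 | `mf script-pack run repo/env-contract scan [path...] --json` | Scan code, CI, docs, config, and env examples for environment-variable contract drift without reading or printing real secret env values. |
 | `mf script-pack run repo/secret-risk-scan scan [path...] --json` | Scan code, docs, config, CI, and examples for plausible hardcoded secrets while reporting only redacted fingerprints. |
 | `mf script-pack run repo/generated-boundary check <path...> --json` | Check whether candidate paths cross generated, ignored, protected, vendor, or cache boundaries before or after edits. |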
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import { createInterface } from 'node:readline';
|
|
2
1
|
import { apiReportActionSpec, isApiReportAction } from './actions.js';
|
|
3
2
|
import { printUsageError } from '../../lib/cli-output.js';
|
|
4
3
|
import { formatCliOptionParseError, hasParsedCliOption, parseCliOptions, } from '../../lib/option-parser.js';
|
|
5
4
|
import { isRecord } from '../../lib/command-contract.js';
|
|
6
5
|
import { t } from '../../lib/i18n.js';
|
|
7
6
|
const API_SERVE_SCHEMA_VERSION = '1';
|
|
7
|
+
const API_SERVE_MAX_LINE_CHARS = 1024 * 1024;
|
|
8
8
|
const API_SERVE_OPTIONS = [
|
|
9
9
|
{ name: '--stdio', kind: 'boolean' },
|
|
10
10
|
{ name: '--help', kind: 'boolean', aliases: ['-h'] },
|
|
@@ -53,6 +53,15 @@ function readApiServeId(request) {
|
|
|
53
53
|
}
|
|
54
54
|
return null;
|
|
55
55
|
}
|
|
56
|
+
function readApiServeChanged(request, id) {
|
|
57
|
+
if (!Object.hasOwn(request, 'changed')) {
|
|
58
|
+
return undefined;
|
|
59
|
+
}
|
|
60
|
+
if (typeof request.changed === 'boolean') {
|
|
61
|
+
return request.changed;
|
|
62
|
+
}
|
|
63
|
+
return createApiServeError(id, 'invalid_request', 'Request field "changed" must be a boolean when provided.');
|
|
64
|
+
}
|
|
56
65
|
function parseApiServeRequestLine(line) {
|
|
57
66
|
let parsed;
|
|
58
67
|
try {
|
|
@@ -72,11 +81,18 @@ function parseApiServeRequestLine(line) {
|
|
|
72
81
|
error: createApiServeError(id, 'invalid_request', 'Request must be a JSON object.'),
|
|
73
82
|
};
|
|
74
83
|
}
|
|
84
|
+
const changed = readApiServeChanged(parsed, id);
|
|
85
|
+
if (typeof changed !== 'boolean' && changed !== undefined) {
|
|
86
|
+
return {
|
|
87
|
+
request: null,
|
|
88
|
+
error: changed,
|
|
89
|
+
};
|
|
90
|
+
}
|
|
75
91
|
return {
|
|
76
92
|
request: {
|
|
77
93
|
id,
|
|
78
94
|
action: parsed.action,
|
|
79
|
-
changed
|
|
95
|
+
changed,
|
|
80
96
|
},
|
|
81
97
|
error: null,
|
|
82
98
|
};
|
|
@@ -99,8 +115,8 @@ function createApiServeResponse(request, runtime) {
|
|
|
99
115
|
try {
|
|
100
116
|
return createApiServeSuccess(id, runtime.createReport(request.action));
|
|
101
117
|
}
|
|
102
|
-
catch
|
|
103
|
-
return createApiServeError(id, 'report_unavailable',
|
|
118
|
+
catch {
|
|
119
|
+
return createApiServeError(id, 'report_unavailable', 'Report is unavailable for this action.');
|
|
104
120
|
}
|
|
105
121
|
}
|
|
106
122
|
function writeApiServeResponse(response, reporter) {
|
|
@@ -111,6 +127,53 @@ function writeApiServeResponse(response, reporter) {
|
|
|
111
127
|
}
|
|
112
128
|
reporter.stdout(line.trimEnd());
|
|
113
129
|
}
|
|
130
|
+
async function* readApiServeInputLines(input) {
|
|
131
|
+
input.setEncoding('utf8');
|
|
132
|
+
let buffer = '';
|
|
133
|
+
let discardingOversizedLine = false;
|
|
134
|
+
for await (const chunk of input) {
|
|
135
|
+
const text = typeof chunk === 'string' ? chunk : String(chunk);
|
|
136
|
+
let start = 0;
|
|
137
|
+
while (start < text.length) {
|
|
138
|
+
const newlineIndex = text.indexOf('\n', start);
|
|
139
|
+
const segmentEnd = newlineIndex === -1 ? text.length : newlineIndex;
|
|
140
|
+
const segment = text.slice(start, segmentEnd);
|
|
141
|
+
if (discardingOversizedLine) {
|
|
142
|
+
if (newlineIndex !== -1) {
|
|
143
|
+
yield { oversized: true };
|
|
144
|
+
discardingOversizedLine = false;
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
else if (buffer.length + segment.length > API_SERVE_MAX_LINE_CHARS) {
|
|
148
|
+
buffer = '';
|
|
149
|
+
if (newlineIndex === -1) {
|
|
150
|
+
discardingOversizedLine = true;
|
|
151
|
+
}
|
|
152
|
+
else {
|
|
153
|
+
yield { oversized: true };
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
else {
|
|
157
|
+
buffer += segment;
|
|
158
|
+
if (newlineIndex !== -1) {
|
|
159
|
+
yield { line: buffer.endsWith('\r') ? buffer.slice(0, -1) : buffer };
|
|
160
|
+
buffer = '';
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
if (newlineIndex === -1) {
|
|
164
|
+
break;
|
|
165
|
+
}
|
|
166
|
+
start = newlineIndex + 1;
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
if (discardingOversizedLine) {
|
|
170
|
+
yield { oversized: true };
|
|
171
|
+
return;
|
|
172
|
+
}
|
|
173
|
+
if (buffer.length > 0) {
|
|
174
|
+
yield { line: buffer.endsWith('\r') ? buffer.slice(0, -1) : buffer };
|
|
175
|
+
}
|
|
176
|
+
}
|
|
114
177
|
export async function runApiServe(args, reporter, lang, runtime) {
|
|
115
178
|
const parsed = parseCliOptions(args, API_SERVE_OPTIONS);
|
|
116
179
|
if (hasParsedCliOption(parsed, '--help')) {
|
|
@@ -125,12 +188,12 @@ export async function runApiServe(args, reporter, lang, runtime) {
|
|
|
125
188
|
printUsageError(reporter, t(lang, 'api.error.serveRequiresStdio'), 'mf api --help', runtime.getHelp(lang), lang);
|
|
126
189
|
return 1;
|
|
127
190
|
}
|
|
128
|
-
const
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
const line =
|
|
191
|
+
for await (const inputLine of readApiServeInputLines(process.stdin)) {
|
|
192
|
+
if (inputLine.oversized) {
|
|
193
|
+
writeApiServeResponse(createApiServeError(null, 'request_too_large', `Request line exceeds ${API_SERVE_MAX_LINE_CHARS} characters.`), reporter);
|
|
194
|
+
continue;
|
|
195
|
+
}
|
|
196
|
+
const line = inputLine.line?.trim() ?? '';
|
|
134
197
|
if (line.length === 0) {
|
|
135
198
|
continue;
|
|
136
199
|
}
|
|
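Review bot: `readApiServeInputLines` has no comment stating its framing contract, and the details matter for a limit that exists to bound untrusted input: the cap is tested as `buffer.length + segment.length > API_SERVE_MAX_LINE_CHARS`, so it counts decoded string length (UTF-16 code units after `input.setEncoding('utf8')`) rather than bytes, it is applied before the trailing `\r` is stripped, and lines end on `\n` only. I would put a header comment on the generator saying so, and noting that each discarded line yields exactly one `{ oversized: true }`, including an unterminated one at end of input. The matching response in `runApiServe` is built with `createApiServeError(null, 'request_too_large', ...)`, so a client cannot tie it to a request id; a one-line comment there, such as `// id is null: the oversized line is discarded before it is parsed`, would record that this is deliberate. `runApiServe` continues outside the visible hunks.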
@@ -75,6 +75,9 @@ export function getScriptPackHelp(lang = 'en') {
|
|
|
75
75
|
'mf script-pack run test/performance-report summarize --json',
|
|
76
76
|
'mf script-pack run test/regression-selector select --base HEAD --json',
|
|
77
77
|
'mf script-pack run repo/config-chain inspect src/cli/index.ts --json',
|
|
78
|
+
'mf script-pack run repo/toolchain-provenance inspect --json',
|
|
79
|
+
'mf script-pack run repo/automation-surface inspect --json',
|
|
80
|
+
'mf script-pack run repo/dependency-surface inspect --json',
|
|
78
81
|
'mf script-pack run repo/env-contract scan --json',
|
|
79
82
|
'mf script-pack run repo/secret-risk-scan scan src README.md --json',
|
|
80
83
|
'mf script-pack run repo/security-pattern-scan scan src .github/workflows --json',
|
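--- a/package/dist/cli/i18n/en.js
+++ b/package/dist/cli/i18n/en.js
@@ -806,6 +806,9 @@ Read these files before working:
 "scriptPack.script.relatedFiles.summary": "Map likely related files for source-oriented repository navigation",
 "scriptPack.script.testPerformanceReport.summary": "Summarize retained mf run performance evidence and test-suite bottlenecks",
 "scriptPack.script.testRegressionSelector.summary": "Select likely regression tests and conservative fallback verification",
+"scriptPack.script.toolchainProvenance.summary": "Inspect repository toolchain version contract sources and lockfile provenance",
+"scriptPack.script.automationSurface.summary": "Inventory automation surfaces and mustflow command-intent coverage",
+"scriptPack.script.dependencySurface.summary": "Inspect dependency manifests, lockfiles, update automation, and policy surfaces",
 "scriptPack.label.script": "Script",
 "scriptPack.label.actions": "actions",
 "scriptPack.label.schema": "schema",
@@ -1189,6 +1192,40 @@ Read these files before working:
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
 "scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
+"toolchainProvenance.help.summary": "Inspect repository runtime, package-manager, lockfile, Docker, and CI toolchain provenance without running tools.",
+"toolchainProvenance.help.exit.ok": "The toolchain-provenance report was generated without blocking findings",
+"toolchainProvenance.help.exit.fail": "The toolchain-provenance report found provenance drift or unreadable metadata",
+"toolchainProvenance.title": "mustflow toolchain provenance",
+"toolchainProvenance.label.sources": "Sources",
+"toolchainProvenance.label.lockfiles": "Lockfiles",
+"toolchainProvenance.label.sourceDetails": "Source details",
+"toolchainProvenance.label.findings": "Findings",
+"toolchainProvenance.label.issues": "Issues",
+"toolchainProvenance.clean": "No repository toolchain provenance sources were detected.",
+"toolchainProvenance.error.missingAction": "Specify a toolchain-provenance action: inspect",
+"toolchainProvenance.error.unknownAction": "Unknown toolchain-provenance action: {action}",
+"automationSurface.help.summary": "Inventory package scripts, task runners, CI workflows, and mustflow intents without executing automation.",
+"automationSurface.help.exit.ok": "The automation-surface report was generated without blocking findings",
+"automationSurface.help.exit.fail": "The automation-surface report found risky automation or unreadable metadata",
+"automationSurface.title": "mustflow automation surface",
+"automationSurface.label.surfaces": "Surfaces",
+"automationSurface.label.risky": "Risky surfaces",
+"automationSurface.label.surfaceDetails": "Surface details",
+"automationSurface.label.findings": "Findings",
+"automationSurface.label.issues": "Issues",
+"automationSurface.error.missingAction": "Specify an automation-surface action: inspect",
+"automationSurface.error.unknownAction": "Unknown automation-surface action: {action}",
+"dependencySurface.help.summary": "Inspect dependency manifests, lockfiles, update automation, audit, license, and SBOM policy surfaces without installing packages.",
+"dependencySurface.help.exit.ok": "The dependency-surface report was generated without blocking findings",
+"dependencySurface.help.exit.fail": "The dependency-surface report found dependency policy drift or unreadable metadata",
+"dependencySurface.title": "mustflow dependency surface",
+"dependencySurface.label.surfaces": "Surfaces",
+"dependencySurface.label.ecosystems": "Ecosystems",
+"dependencySurface.label.surfaceDetails": "Surface details",
+"dependencySurface.label.findings": "Findings",
+"dependencySurface.label.issues": "Issues",
+"dependencySurface.error.missingAction": "Specify a dependency-surface action: inspect",
+"dependencySurface.error.unknownAction": "Unknown dependency-surface action: {action}",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",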
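--- a/package/dist/cli/i18n/es.js
+++ b/package/dist/cli/i18n/es.js
@@ -806,6 +806,9 @@ Lee estos archivos antes de trabajar:
 "scriptPack.script.relatedFiles.summary": "Map likely related files for source-oriented repository navigation",
 "scriptPack.script.testPerformanceReport.summary": "Summarize retained mf run performance evidence and test-suite bottlenecks",
 "scriptPack.script.testRegressionSelector.summary": "Select likely regression tests and conservative fallback verification",
+"scriptPack.script.toolchainProvenance.summary": "Inspect repository toolchain version contract sources and lockfile provenance",
+"scriptPack.script.automationSurface.summary": "Inventory automation surfaces and mustflow command-intent coverage",
+"scriptPack.script.dependencySurface.summary": "Inspect dependency manifests, lockfiles, update automation, and policy surfaces",
 "scriptPack.label.script": "Script",
 "scriptPack.label.actions": "actions",
 "scriptPack.label.schema": "schema",
@@ -1189,6 +1192,40 @@ Lee estos archivos antes de trabajar:
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
 "scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
+"toolchainProvenance.help.summary": "Inspect repository runtime, package-manager, lockfile, Docker, and CI toolchain provenance without running tools.",
+"toolchainProvenance.help.exit.ok": "The toolchain-provenance report was generated without blocking findings",
+"toolchainProvenance.help.exit.fail": "The toolchain-provenance report found provenance drift or unreadable metadata",
+"toolchainProvenance.title": "mustflow toolchain provenance",
+"toolchainProvenance.label.sources": "Sources",
+"toolchainProvenance.label.lockfiles": "Lockfiles",
+"toolchainProvenance.label.sourceDetails": "Source details",
+"toolchainProvenance.label.findings": "Findings",
+"toolchainProvenance.label.issues": "Issues",
+"toolchainProvenance.clean": "No repository toolchain provenance sources were detected.",
+"toolchainProvenance.error.missingAction": "Specify a toolchain-provenance action: inspect",
+"toolchainProvenance.error.unknownAction": "Unknown toolchain-provenance action: {action}",
+"automationSurface.help.summary": "Inventory package scripts, task runners, CI workflows, and mustflow intents without executing automation.",
+"automationSurface.help.exit.ok": "The automation-surface report was generated without blocking findings",
+"automationSurface.help.exit.fail": "The automation-surface report found risky automation or unreadable metadata",
+"automationSurface.title": "mustflow automation surface",
+"automationSurface.label.surfaces": "Surfaces",
+"automationSurface.label.risky": "Risky surfaces",
+"automationSurface.label.surfaceDetails": "Surface details",
+"automationSurface.label.findings": "Findings",
+"automationSurface.label.issues": "Issues",
+"automationSurface.error.missingAction": "Specify an automation-surface action: inspect",
+"automationSurface.error.unknownAction": "Unknown automation-surface action: {action}",
+"dependencySurface.help.summary": "Inspect dependency manifests, lockfiles, update automation, audit, license, and SBOM policy surfaces without installing packages.",
+"dependencySurface.help.exit.ok": "The dependency-surface report was generated without blocking findings",
+"dependencySurface.help.exit.fail": "The dependency-surface report found dependency policy drift or unreadable metadata",
+"dependencySurface.title": "mustflow dependency surface",
+"dependencySurface.label.surfaces": "Surfaces",
+"dependencySurface.label.ecosystems": "Ecosystems",
+"dependencySurface.label.surfaceDetails": "Surface details",
+"dependencySurface.label.findings": "Findings",
+"dependencySurface.label.issues": "Issues",
+"dependencySurface.error.missingAction": "Specify a dependency-surface action: inspect",
+"dependencySurface.error.unknownAction": "Unknown dependency-surface action: {action}",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",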
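--- a/package/dist/cli/i18n/fr.js
+++ b/package/dist/cli/i18n/fr.js
@@ -806,6 +806,9 @@ Lisez ces fichiers avant de travailler :
 "scriptPack.script.relatedFiles.summary": "Map likely related files for source-oriented repository navigation",
 "scriptPack.script.testPerformanceReport.summary": "Summarize retained mf run performance evidence and test-suite bottlenecks",
 "scriptPack.script.testRegressionSelector.summary": "Select likely regression tests and conservative fallback verification",
+"scriptPack.script.toolchainProvenance.summary": "Inspect repository toolchain version contract sources and lockfile provenance",
+"scriptPack.script.automationSurface.summary": "Inventory automation surfaces and mustflow command-intent coverage",
+"scriptPack.script.dependencySurface.summary": "Inspect dependency manifests, lockfiles, update automation, and policy surfaces",
 "scriptPack.label.script": "Script",
 "scriptPack.label.actions": "actions",
 "scriptPack.label.schema": "schema",
@@ -1189,6 +1192,40 @@ Lisez ces fichiers avant de travailler :
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
 "scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
+"toolchainProvenance.help.summary": "Inspect repository runtime, package-manager, lockfile, Docker, and CI toolchain provenance without running tools.",
+"toolchainProvenance.help.exit.ok": "The toolchain-provenance report was generated without blocking findings",
+"toolchainProvenance.help.exit.fail": "The toolchain-provenance report found provenance drift or unreadable metadata",
+"toolchainProvenance.title": "mustflow toolchain provenance",
+"toolchainProvenance.label.sources": "Sources",
+"toolchainProvenance.label.lockfiles": "Lockfiles",
+"toolchainProvenance.label.sourceDetails": "Source details",
+"toolchainProvenance.label.findings": "Findings",
+"toolchainProvenance.label.issues": "Issues",
+"toolchainProvenance.clean": "No repository toolchain provenance sources were detected.",
+"toolchainProvenance.error.missingAction": "Specify a toolchain-provenance action: inspect",
+"toolchainProvenance.error.unknownAction": "Unknown toolchain-provenance action: {action}",
+"automationSurface.help.summary": "Inventory package scripts, task runners, CI workflows, and mustflow intents without executing automation.",
+"automationSurface.help.exit.ok": "The automation-surface report was generated without blocking findings",
+"automationSurface.help.exit.fail": "The automation-surface report found risky automation or unreadable metadata",
+"automationSurface.title": "mustflow automation surface",
+"automationSurface.label.surfaces": "Surfaces",
+"automationSurface.label.risky": "Risky surfaces",
+"automationSurface.label.surfaceDetails": "Surface details",
+"automationSurface.label.findings": "Findings",
+"automationSurface.label.issues": "Issues",
+"automationSurface.error.missingAction": "Specify an automation-surface action: inspect",
+"automationSurface.error.unknownAction": "Unknown automation-surface action: {action}",
+"dependencySurface.help.summary": "Inspect dependency manifests, lockfiles, update automation, audit, license, and SBOM policy surfaces without installing packages.",
+"dependencySurface.help.exit.ok": "The dependency-surface report was generated without blocking findings",
+"dependencySurface.help.exit.fail": "The dependency-surface report found dependency policy drift or unreadable metadata",
+"dependencySurface.title": "mustflow dependency surface",
+"dependencySurface.label.surfaces": "Surfaces",
+"dependencySurface.label.ecosystems": "Ecosystems",
+"dependencySurface.label.surfaceDetails": "Surface details",
+"dependencySurface.label.findings": "Findings",
+"dependencySurface.label.issues": "Issues",
+"dependencySurface.error.missingAction": "Specify a dependency-surface action: inspect",
+"dependencySurface.error.unknownAction": "Unknown dependency-surface action: {action}",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",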
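--- a/package/dist/cli/i18n/hi.js
+++ b/package/dist/cli/i18n/hi.js
@@ -806,6 +806,9 @@ export const hiMessages = {
 "scriptPack.script.relatedFiles.summary": "Map likely related files for source-oriented repository navigation",
 "scriptPack.script.testPerformanceReport.summary": "Summarize retained mf run performance evidence and test-suite bottlenecks",
 "scriptPack.script.testRegressionSelector.summary": "Select likely regression tests and conservative fallback verification",
+"scriptPack.script.toolchainProvenance.summary": "Inspect repository toolchain version contract sources and lockfile provenance",
+"scriptPack.script.automationSurface.summary": "Inventory automation surfaces and mustflow command-intent coverage",
+"scriptPack.script.dependencySurface.summary": "Inspect dependency manifests, lockfiles, update automation, and policy surfaces",
 "scriptPack.label.script": "Script",
 "scriptPack.label.actions": "actions",
 "scriptPack.label.schema": "schema",
@@ -1189,6 +1192,40 @@ export const hiMessages = {
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
 "scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
+"toolchainProvenance.help.summary": "Inspect repository runtime, package-manager, lockfile, Docker, and CI toolchain provenance without running tools.",
+"toolchainProvenance.help.exit.ok": "The toolchain-provenance report was generated without blocking findings",
+"toolchainProvenance.help.exit.fail": "The toolchain-provenance report found provenance drift or unreadable metadata",
+"toolchainProvenance.title": "mustflow toolchain provenance",
+"toolchainProvenance.label.sources": "Sources",
+"toolchainProvenance.label.lockfiles": "Lockfiles",
+"toolchainProvenance.label.sourceDetails": "Source details",
+"toolchainProvenance.label.findings": "Findings",
+"toolchainProvenance.label.issues": "Issues",
+"toolchainProvenance.clean": "No repository toolchain provenance sources were detected.",
+"toolchainProvenance.error.missingAction": "Specify a toolchain-provenance action: inspect",
+"toolchainProvenance.error.unknownAction": "Unknown toolchain-provenance action: {action}",
+"automationSurface.help.summary": "Inventory package scripts, task runners, CI workflows, and mustflow intents without executing automation.",
+"automationSurface.help.exit.ok": "The automation-surface report was generated without blocking findings",
+"automationSurface.help.exit.fail": "The automation-surface report found risky automation or unreadable metadata",
+"automationSurface.title": "mustflow automation surface",
+"automationSurface.label.surfaces": "Surfaces",
+"automationSurface.label.risky": "Risky surfaces",
+"automationSurface.label.surfaceDetails": "Surface details",
+"automationSurface.label.findings": "Findings",
+"automationSurface.label.issues": "Issues",
+"automationSurface.error.missingAction": "Specify an automation-surface action: inspect",
+"automationSurface.error.unknownAction": "Unknown automation-surface action: {action}",
+"dependencySurface.help.summary": "Inspect dependency manifests, lockfiles, update automation, audit, license, and SBOM policy surfaces without installing packages.",
+"dependencySurface.help.exit.ok": "The dependency-surface report was generated without blocking findings",
+"dependencySurface.help.exit.fail": "The dependency-surface report found dependency policy drift or unreadable metadata",
+"dependencySurface.title": "mustflow dependency surface",
+"dependencySurface.label.surfaces": "Surfaces",
+"dependencySurface.label.ecosystems": "Ecosystems",
+"dependencySurface.label.surfaceDetails": "Surface details",
+"dependencySurface.label.findings": "Findings",
+"dependencySurface.label.issues": "Issues",
+"dependencySurface.error.missingAction": "Specify a dependency-surface action: inspect",
+"dependencySurface.error.unknownAction": "Unknown dependency-surface action: {action}",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",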
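--- a/package/dist/cli/i18n/ko.js
+++ b/package/dist/cli/i18n/ko.js
@@ -806,6 +806,9 @@ export const koMessages = {
 "scriptPack.script.relatedFiles.summary": "Map likely related files for source-oriented repository navigation",
 "scriptPack.script.testPerformanceReport.summary": "Summarize retained mf run performance evidence and test-suite bottlenecks",
 "scriptPack.script.testRegressionSelector.summary": "Select likely regression tests and conservative fallback verification",
+"scriptPack.script.toolchainProvenance.summary": "Inspect repository toolchain version contract sources and lockfile provenance",
+"scriptPack.script.automationSurface.summary": "Inventory automation surfaces and mustflow command-intent coverage",
+"scriptPack.script.dependencySurface.summary": "Inspect dependency manifests, lockfiles, update automation, and policy surfaces",
 "scriptPack.label.script": "Script",
 "scriptPack.label.actions": "작업",
 "scriptPack.label.schema": "스키마",
@@ -1189,6 +1192,40 @@ export const koMessages = {
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
 "scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
+"toolchainProvenance.help.summary": "Inspect repository runtime, package-manager, lockfile, Docker, and CI toolchain provenance without running tools.",
+"toolchainProvenance.help.exit.ok": "The toolchain-provenance report was generated without blocking findings",
+"toolchainProvenance.help.exit.fail": "The toolchain-provenance report found provenance drift or unreadable metadata",
+"toolchainProvenance.title": "mustflow toolchain provenance",
+"toolchainProvenance.label.sources": "Sources",
+"toolchainProvenance.label.lockfiles": "Lockfiles",
+"toolchainProvenance.label.sourceDetails": "Source details",
+"toolchainProvenance.label.findings": "Findings",
+"toolchainProvenance.label.issues": "Issues",
+"toolchainProvenance.clean": "No repository toolchain provenance sources were detected.",
+"toolchainProvenance.error.missingAction": "Specify a toolchain-provenance action: inspect",
+"toolchainProvenance.error.unknownAction": "Unknown toolchain-provenance action: {action}",
+"automationSurface.help.summary": "Inventory package scripts, task runners, CI workflows, and mustflow intents without executing automation.",
+"automationSurface.help.exit.ok": "The automation-surface report was generated without blocking findings",
+"automationSurface.help.exit.fail": "The automation-surface report found risky automation or unreadable metadata",
+"automationSurface.title": "mustflow automation surface",
+"automationSurface.label.surfaces": "Surfaces",
+"automationSurface.label.risky": "Risky surfaces",
+"automationSurface.label.surfaceDetails": "Surface details",
+"automationSurface.label.findings": "Findings",
+"automationSurface.label.issues": "Issues",
+"automationSurface.error.missingAction": "Specify an automation-surface action: inspect",
+"automationSurface.error.unknownAction": "Unknown automation-surface action: {action}",
+"dependencySurface.help.summary": "Inspect dependency manifests, lockfiles, update automation, audit, license, and SBOM policy surfaces without installing packages.",
+"dependencySurface.help.exit.ok": "The dependency-surface report was generated without blocking findings",
+"dependencySurface.help.exit.fail": "The dependency-surface report found dependency policy drift or unreadable metadata",
+"dependencySurface.title": "mustflow dependency surface",
+"dependencySurface.label.surfaces": "Surfaces",
+"dependencySurface.label.ecosystems": "Ecosystems",
+"dependencySurface.label.surfaceDetails": "Surface details",
+"dependencySurface.label.findings": "Findings",
+"dependencySurface.label.issues": "Issues",
+"dependencySurface.error.missingAction": "Specify a dependency-surface action: inspect",
+"dependencySurface.error.unknownAction": "Unknown dependency-surface action: {action}",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",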
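--- a/package/dist/cli/i18n/zh.js
+++ b/package/dist/cli/i18n/zh.js
@@ -806,6 +806,9 @@ export const zhMessages = {
 "scriptPack.script.relatedFiles.summary": "Map likely related files for source-oriented repository navigation",
 "scriptPack.script.testPerformanceReport.summary": "Summarize retained mf run performance evidence and test-suite bottlenecks",
 "scriptPack.script.testRegressionSelector.summary": "Select likely regression tests and conservative fallback verification",
+"scriptPack.script.toolchainProvenance.summary": "Inspect repository toolchain version contract sources and lockfile provenance",
+"scriptPack.script.automationSurface.summary": "Inventory automation surfaces and mustflow command-intent coverage",
+"scriptPack.script.dependencySurface.summary": "Inspect dependency manifests, lockfiles, update automation, and policy surfaces",
 "scriptPack.label.script": "Script",
 "scriptPack.label.actions": "actions",
 "scriptPack.label.schema": "schema",
@@ -1189,6 +1192,40 @@ export const zhMessages = {
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
 "scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
+"toolchainProvenance.help.summary": "Inspect repository runtime, package-manager, lockfile, Docker, and CI toolchain provenance without running tools.",
+"toolchainProvenance.help.exit.ok": "The toolchain-provenance report was generated without blocking findings",
+"toolchainProvenance.help.exit.fail": "The toolchain-provenance report found provenance drift or unreadable metadata",
+"toolchainProvenance.title": "mustflow toolchain provenance",
+"toolchainProvenance.label.sources": "Sources",
+"toolchainProvenance.label.lockfiles": "Lockfiles",
+"toolchainProvenance.label.sourceDetails": "Source details",
+"toolchainProvenance.label.findings": "Findings",
+"toolchainProvenance.label.issues": "Issues",
+"toolchainProvenance.clean": "No repository toolchain provenance sources were detected.",
+"toolchainProvenance.error.missingAction": "Specify a toolchain-provenance action: inspect",
+"toolchainProvenance.error.unknownAction": "Unknown toolchain-provenance action: {action}",
+"automationSurface.help.summary": "Inventory package scripts, task runners, CI workflows, and mustflow intents without executing automation.",
+"automationSurface.help.exit.ok": "The automation-surface report was generated without blocking findings",
+"automationSurface.help.exit.fail": "The automation-surface report found risky automation or unreadable metadata",
+"automationSurface.title": "mustflow automation surface",
+"automationSurface.label.surfaces": "Surfaces",
+"automationSurface.label.risky": "Risky surfaces",
+"automationSurface.label.surfaceDetails": "Surface details",
+"automationSurface.label.findings": "Findings",
+"automationSurface.label.issues": "Issues",
+"automationSurface.error.missingAction": "Specify an automation-surface action: inspect",
+"automationSurface.error.unknownAction": "Unknown automation-surface action: {action}",
+"dependencySurface.help.summary": "Inspect dependency manifests, lockfiles, update automation, audit, license, and SBOM policy surfaces without installing packages.",
+"dependencySurface.help.exit.ok": "The dependency-surface report was generated without blocking findings",
+"dependencySurface.help.exit.fail": "The dependency-surface report found dependency policy drift or unreadable metadata",
+"dependencySurface.title": "mustflow dependency surface",
+"dependencySurface.label.surfaces": "Surfaces",
+"dependencySurface.label.ecosystems": "Ecosystems",
+"dependencySurface.label.surfaceDetails": "Surface details",
+"dependencySurface.label.findings": "Findings",
+"dependencySurface.label.issues": "Issues",
+"dependencySurface.error.missingAction": "Specify a dependency-surface action: inspect",
+"dependencySurface.error.unknownAction": "Unknown dependency-surface action: {action}",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",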
|
@@ -169,6 +169,9 @@ export const COMMAND_DEFINITIONS = [
|
|
|
169
169
|
'repo-manifest-lock-drift-report',
|
|
170
170
|
'skill-route-audit-report',
|
|
171
171
|
'repo-version-source-report',
|
|
172
|
+
'repo-toolchain-provenance-report',
|
|
173
|
+
'repo-automation-surface-report',
|
|
174
|
+
'repo-dependency-surface-report',
|
|
172
175
|
'repo-approval-gate-report',
|
|
173
176
|
'repo-deploy-surface-report',
|
|
174
177
|
'config-chain-report',
|
|
@@ -436,6 +436,90 @@ export const SCRIPT_PACKS = [
|
|
|
436
436
|
reportSchemaFile: 'config-chain-report.schema.json',
|
|
437
437
|
loadRunner: async () => (await import('../script-packs/repo-config-chain.js')).runRepoConfigChainScript,
|
|
438
438
|
},
|
|
439
|
+
{
|
|
440
|
+
packId: 'repo',
|
|
441
|
+
id: 'toolchain-provenance',
|
|
442
|
+
ref: scriptRef('repo', 'toolchain-provenance'),
|
|
443
|
+
usage: 'mf script-pack run repo/toolchain-provenance inspect [options]',
|
|
444
|
+
summaryKey: 'scriptPack.script.toolchainProvenance.summary',
|
|
445
|
+
actions: ['inspect'],
|
|
446
|
+
useWhen: [
|
|
447
|
+
'Inspect repository runtime, package-manager, lockfile, Docker, and CI version contract sources before debugging local environment drift.',
|
|
448
|
+
'Review toolchain provenance when package metadata, CI, Docker, setup, bootstrap, or doctor automation changes.',
|
|
449
|
+
],
|
|
450
|
+
phases: ['before_change', 'after_change', 'review'],
|
|
451
|
+
readOnly: true,
|
|
452
|
+
mutates: false,
|
|
453
|
+
network: false,
|
|
454
|
+
inputs: [],
|
|
455
|
+
outputs: ['human_summary', 'json_report', 'toolchain_sources', 'lockfiles', 'toolchain_findings'],
|
|
456
|
+
relatedSkills: [
|
|
457
|
+
'command-intent-mapping-gate',
|
|
458
|
+
'config-env-change',
|
|
459
|
+
'dependency-reality-check',
|
|
460
|
+
'version-freshness-check',
|
|
461
|
+
],
|
|
462
|
+
riskLevel: 'low',
|
|
463
|
+
cost: 'low',
|
|
464
|
+
reportSchemaFile: 'repo-toolchain-provenance-report.schema.json',
|
|
465
|
+
loadRunner: async () => (await import('../script-packs/repo-toolchain-provenance.js')).runRepoToolchainProvenanceScript,
|
|
466
|
+
},
|
|
467
|
+
{
|
|
468
|
+
packId: 'repo',
|
|
469
|
+
id: 'automation-surface',
|
|
470
|
+
ref: scriptRef('repo', 'automation-surface'),
|
|
471
|
+
usage: 'mf script-pack run repo/automation-surface inspect [options]',
|
|
472
|
+
summaryKey: 'scriptPack.script.automationSurface.summary',
|
|
473
|
+
actions: ['inspect'],
|
|
474
|
+
useWhen: [
|
|
475
|
+
'Inventory package scripts, task runners, CI workflows, and mustflow command intents before mapping external automation advice to safe actions.',
|
|
476
|
+
'Review raw automation surfaces, long-running commands, release/deploy scripts, and missing command-contract coverage.',
|
|
477
|
+
],
|
|
478
|
+
phases: ['before_change', 'after_change', 'review'],
|
|
479
|
+
readOnly: true,
|
|
480
|
+
mutates: false,
|
|
481
|
+
network: false,
|
|
482
|
+
inputs: [],
|
|
483
|
+
outputs: ['human_summary', 'json_report', 'automation_surfaces', 'automation_findings'],
|
|
484
|
+
relatedSkills: [
|
|
485
|
+
'command-intent-mapping-gate',
|
|
486
|
+
'completion-evidence-gate',
|
|
487
|
+
'proactive-risk-surfacing',
|
|
488
|
+
'release-publish-change',
|
|
489
|
+
],
|
|
490
|
+
riskLevel: 'medium',
|
|
491
|
+
cost: 'low',
|
|
492
|
+
reportSchemaFile: 'repo-automation-surface-report.schema.json',
|
|
493
|
+
loadRunner: async () => (await import('../script-packs/repo-automation-surface.js')).runRepoAutomationSurfaceScript,
|
|
494
|
+
},
|
|
495
|
+
{
|
|
496
|
+
packId: 'repo',
|
|
497
|
+
id: 'dependency-surface',
|
|
498
|
+
ref: scriptRef('repo', 'dependency-surface'),
|
|
499
|
+
usage: 'mf script-pack run repo/dependency-surface inspect [options]',
|
|
500
|
+
summaryKey: 'scriptPack.script.dependencySurface.summary',
|
|
501
|
+
actions: ['inspect'],
|
|
502
|
+
useWhen: [
|
|
503
|
+
'Inspect dependency manifests, lockfiles, update-bot config, audit, license, and SBOM surfaces before dependency automation work.',
|
|
504
|
+
'Review package-manager lockfile conflicts, missing update automation, and missing dependency policy evidence.',
|
|
505
|
+
],
|
|
506
|
+
phases: ['before_change', 'after_change', 'review'],
|
|
507
|
+
readOnly: true,
|
|
508
|
+
mutates: false,
|
|
509
|
+
network: false,
|
|
510
|
+
inputs: [],
|
|
511
|
+
outputs: ['human_summary', 'json_report', 'dependency_surfaces', 'dependency_findings'],
|
|
512
|
+
relatedSkills: [
|
|
513
|
+
'dependency-reality-check',
|
|
514
|
+
'dependency-upgrade-review',
|
|
515
|
+
'provenance-license-gate',
|
|
516
|
+
'public-json-contract-change',
|
|
517
|
+
],
|
|
518
|
+
riskLevel: 'medium',
|
|
519
|
+
cost: 'low',
|
|
520
|
+
reportSchemaFile: 'repo-dependency-surface-report.schema.json',
|
|
521
|
+
loadRunner: async () => (await import('../script-packs/repo-dependency-surface.js')).runRepoDependencySurfaceScript,
|
|
522
|
+
},
|
|
439
523
|
{
|
|
440
524
|
packId: 'repo',
|
|
441
525
|
id: 'env-contract',
|